Web application/SaaS based on using user’s API, are we responsible for user’s usage?

For example, let’s say I have an SaaS application, that enables users help create Telegram bot. On the server, we process the bots and APIs for it. Now, let’s say if some users try to use the application for bad purpose, like spamming, scamming, illegal activity. Now, are we responsible for the user’s usage? What type of workarounds or disclaimer can we have to avoid these troubles?